Open mcdurdin opened 3 years ago
Any update on this? My app in java can not verify the hash from this package because of this issue
This is where cause the problem. https://github.com/simonepri/phc-argon2/blob/900c5aea9185b69a677ce27ce06aa8a9526222fd/index.js#L172
Any update on this? My app in java can not verify the hash from this package because of this issue
Hello, I have the same issue. My Spring Auth service cannot verify this hash, did you find any workaround ? I use AdonisJS
The workaround is re-ordering the params
object here https://github.com/simonepri/phc-argon2/blob/900c5aea9185b69a677ce27ce06aa8a9526222fd/index.js#L171
params: {
m: memory,
t: iterations,
p: parallelism
},
The hash generated by these functions does not meet the specification, for example with this hash generated from password 'password':
$argon2id$v=19$t=2,m=15360,p=1$dTrnxd5KI59MDnWmdM3sZQ$dWdm8NkGkSmtN7ht5eQig872oo1dQenivc450xZ1BKY
The specification requires the parameters to be in a specific order:
The parameters shall appear in the m,t,p,keyid,data order. The keyid and data parameters are optional; the three others are NOT optional.